192.168.0.100:8443
acl url_admin hdr_beg server.domain.com
redirect prefix http://X unless url_admin
option forwardfor except 192.168.0.100
server srv 127.0.0.1:8080 maxconn 256
Thanks,
Regards.
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG
prefix option in haproxy to force
SSL.
Hope this helps
Chris
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: This is a digitally signed message part
of monitoring, or at least stats page active is also
very helpful.
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
Creating fresh, flexible and fast-growing web applications is our
passion.
3rd Floor, Gensurco House,
46A Rosebery Avenue, London, EC1R 4RP
http://www.new-bamboo.co.uk
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description
.
Thanks in advance.
Best,
Michael
IM not familiar with stunnel, can stunnel utilize more than one core ?
If not u might try to use some light http server like lighttpd or nginx
as ssl proxy.
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
connections but wait for already established ones to finish
2) start listening
3) if something is wrong (bad config etc) signal old instance to resume
listening
so its more like stop old instance and start new, but existing
connections wont be destroyed
--
Mariusz Gronczewski (XANi) xani...@gmail.com
as SSL
proxy instead ?
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
address
Then proxy will be passing original client IP thru X-Forwarded-For
header
except 127.0.0.1 is because lighttpd adds X-Forwarded-For when used
as proxy so haproxy doesn't have to (obv. replace it with other ip if ur
SSL proxy is on different host)
Regards
XANi
--
Mariusz Gronczewski (XANi) xani
with haproxy?
Thank you
Anne
__
From: XANi [mailto:xani...@gmail.com]
Sent: Saturday, March 13, 2010 4:25 PM
To: Anne Moore
Cc: haproxy@formilux.org
Subject: Re: setup with Oracle and SSL
Hi
Dnia
problem
so as long as app do some queries connection won't be dropped
2) u can do /etc/init.d/haproxy stop ; /etc/init.d/haproxy start
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
IP limit per set. Also no need to restart haproxy for
adding new IP's
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
-proxy ?
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
plus rien ...
En fait je voudrais simplement capturer les quelques warning et error
que j'ai sur la page de stats.
It might help if u repost your question in english (its language we use
on this mailing list), tho probably you problem is in too low timeouts
--
Mariusz Gronczewski (XANi) xani
at a given time (possibly two if you force console access, but I don't
believe so).
Yup, one console per WinXP, two on W Server, for more u need terminal
server
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część
better (with empty iptables there is no need for kernel to go thru any
rule so a bit less cpu load)
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
recommend linode.com (they have data
centers in europe and US), much faster than Amazon, and also have some
kind of API
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
tho it can be used to
replace it in some cases.
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
when you're restarting, block sending TCP RST packets
to client, so when TCP SYN hits loadbalancer when its restarting and
frontend port is closed, client connection won't get resetted, TCP will
just retransmit SYN packet.
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http
Dnia 2009-12-17, czw o godzinie 07:52 +0100, Willy Tarreau pisze:
On Wed, Dec 16, 2009 at 01:56:06PM +0100, XANi wrote:
Is there a way to do this using rewrite rules?
This specific one above cannot because you have to take one part
from the Host header and inject
gets redirected to
http://page/profile/profilename ?
Atm its only reason why we are still using nginx ;]
as for rewrites, what u really want is you app supporting that kind of
address, like Willy said, those are only ugly workarounds
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG
Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
(XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo
for
something and not because server is overloaded it wont change much. You
might want to consider checking if other http servers liek lighttpd also
have that bug
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: To jest część wiadomości
On Sun, 22 Nov 2009 21:30:51 +0800, Ryan Chan ryanchan...@gmail.com
wrote:
Hello,
On Sat, Nov 21, 2009 at 4:39 PM, XANi xani...@gmail.com wrote:
Well haproxy won't buffer response so that will help a bit on
not-so-slow-but-not-fast-either req. But then u could try use
apache + mod_worker
tho) in that config it
will buffer req. in apache, freeing php processes to server other req.
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: PGP signature
is no, nothing out of the box, but yes, it should be
possible :)
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: PGP signature
200 OK if app and its db
is ok and 500 ERR if something is wrong
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: PGP signature
On Wed, 4 Nov 2009 06:58:32 -0500, John Lauro
john.la...@covenanteyes.com wrote:
I see two potential issues (which may or may not be important for
you).
1. Non http 1.1 clients may have trouble (ie: they don't send
the host on the URL request, or if they are not really http but
and I would have
to replace all of the libmysql* so files on my web servers.
if ur app don't have huge number of SQL query types u might want to
just rewrite parts of it, like they said in mysqlproxy docs, its only
experimental feature.
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
do that, u either have to use something like
http://forge.mysql.com/wiki/MySQL_Proxy_RW_Splitting
or (better) rewrite ur app to split write and read requests
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: PGP
request), for
that to work you would have to use one-transation-per-connection or
do heavy rewrite of haproxy to support your application protocol.
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
signature.asc
Description: PGP signature
would be some predefined value or (better)
calculated average from all nodes + 50% so u won't have situation where
every node weigth is skyrocketing or falling down because of small
load/overload
Regards
Mariusz
--
Mariusz Gronczewski (XANi) xani...@gmail.com
GnuPG: 0xEA8ACE64
http://devrandom.pl
32 matches
Mail list logo
